4 matches found
CVE-2019-9574
The WP Human Resource Management plugin for WordPress is affected in versions before 2.2.6. The root cause is insufficient access control: leave modifications may not be performed within the context of the Administrator or HR Manager role. The description does not detail exploitability or affecte...
CVE-2019-9573
The CVE-2019-9573 entry concerns the WordPress WP Human Resource Management plugin, specifically versions prior to 2.2.6. The public description states that the plugin mishandles leave applications, indicating a logic/authorization or data-handling issue in how leave requests are processed. CVSS ...
CVE-2025-5956
CVE-2025-5956 concerns the WordPress plugin WP Human Resource Management (versions 2.0.0–2.2.17). The root cause is missing authorization in the ajax_delete_employee() handler, which reads $_POST['delete'] and passes IDs to wp_delete_user() without verifying delete_users capability or restricting...
CVE-2025-5953
CVE-2025-5953 affects the WordPress plugin WP Human Resource Management (hrm) (versions 2.0.0–2.2.17). The vulnerability arises from missing authorization checks in the AJAX handlers ajax_insert_employee() and update_employee() . The attacker, authenticated with Employee-level access or higher , ...